Page 199 - Cyber Defense eMagazine March 2024
Cyber Threats and Challenges
A report by Statista has revealed that in 2020, the healthcare sector in the US suffered the highest number
of data breaches and compromised records. A total of 599 breaches occurred, affecting 26.4 million
records. Cyberattacks on healthcare organizations cost an average of $4.99 million, a 13% increase from
the previous year.
Some of the most common and dangerous cyber threats and challenges that the healthcare industry
faces are:
Ransomware
Ransomware is malware that encrypts the victim's data or systems and demands a ransom for their
decryption. These attacks can severely affect the functioning and services of healthcare organizations,
as they can block access to critical medical records, devices, and systems. For instance, in September
2020, a ransomware attack on Universal Health Services, one of the largest hospital chains in the US,
impacted more than 250 facilities and disrupted patient care for several days.
Cloud Compromise
This attack exploits vulnerabilities or misconfigurations within healthcare organizations' cloud-based
services or applications. When a cloud service is compromised, it can lead to data breaches, data loss, or
unauthorized access to sensitive information. A real-life example of this happened in July 2019, when a
cloud-based vendor for American Medical Collection Agency, a billing service provider for healthcare
organizations, experienced a data breach that exposed the personal and financial data of 20 million
patients.
Supply Chain
Supply chain attacks are cyberattacks aimed at third-party vendors or partners of healthcare
organizations who provide software, hardware, or services integrated with their systems or networks.
These attacks can compromise the security and integrity of healthcare organizations and their data since
they can introduce malicious code or backdoors into their systems or devices. An example is the massive
supply chain attack in December 2020, which targeted SolarWinds, a software company that provides
network management tools to various sectors, including healthcare. This attack affected several federal
agencies and private companies, exposing their sensitive data and systems.
Business Email Compromise (BEC)
BEC is a phishing attack where the attacker impersonates a legitimate individual or organization to
deceive the recipient into taking an action, such as transferring money or disclosing sensitive information. These